From: Kris Boulez (kris.boulez_at_c-cure.be)
Date: Thu 28 Aug 2003 - 09:48:55 BST
On Wed, 2003-08-27 at 15:33, Jon Bendtsen wrote:
> Kris Boulez wrote:
> > On Mon, 2003-08-25 at 13:27, Rus Foster wrote:
> >
[ ... ]
> >
> > I do have a question though from a security point. How are these images
> > created ? Are there any scripts used we can examine/run ourselves ?
>
> This is a basic problem, but let me ask you another...
> Do you personaly check the patches for the linux kernel that Jaques
> makes? Are you familiar with the history of how ken tompson? got a
> backdoor into gcc? The point i am making is that you cant _TRUST_
> everything, but at some point you have to trust someone to get a
> computer, to get software, to get ...
>
I know, but these machines will run pretty critical stuff. A (short)
description on how the images were made (for RH 9.0: which RPM's
installed, what deleted, ...) would be very handy.
Kris,
-- Kris Boulez Tel: +32-3-216.50.50 C-CURE Fax: +32-3-216.50.51 K. Rogierstraat 27 email: kris.boulez_at_c-cure.be B 2000 Antwerpen http://www.c-cure.be/